cute-spring-photo-collection-img001-jpeg.exe

The executable cute-spring-photo-collection-img001-jpeg.exe has been detected as malware by 20 anti-virus scanners. The file has been observed being downloaded from catalog.chaosium.com.
MD5: 1f41dc58ae6e7d30651d444f7b8122b3

SHA-1: 63d6db8d44ff95785d06533c04ce410f2c12c2b6

SHA-256: ccf33776118de51f1dad3971a8c5d069afe0ce6f9464a8e4ddd9d27c3cab0670

Scanner detections: 20 / 68

Status: Malware

Analysis date: 4/25/2024 9:00:07 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.GenericKD.1620821 | 1043 |
| Avira AntiVirus | TR/Crypt.ZPACK.62131 | 7.11.140.4 |
| avast! | Win32:Rootkit-gen [Rtk] | 2014.9-140328 |
| Baidu Antivirus | Hacktool.Win32.CeeInject | 4.0.3.14328 |
| Bitdefender | Trojan.GenericKD.1620821 | 1.0.20.435 |
| Emsisoft Anti-Malware | Trojan.GenericKD.1620821 | 8.14.03.28.05 |
| ESET NOD32 | Win32/Injector.BARE (variant) | 8.9608 |
| Fortinet FortiGate | W32/Napolar.TA!tr.bdr | 3/28/2014 |
| F-Secure | Trojan.GenericKD.1620821 | 11.2014-28-03_6 |
| G Data | Trojan.GenericKD.1620821 | 14.3.24 |
| K7 AntiVirus | Riskware | 13.176.11595 |
| Kaspersky | Backdoor.Win32.Napolar | 14.0.0.4101 |
| Malwarebytes | Spyware.Zbot | v2014.03.28.05 |
| McAfee | PWSZbot-FWL!1F41DC58AE6E | 5600.7177 |
| Microsoft Security Essentials | VirTool:Win32/CeeInject.gen!KK | 1.10401 |
| MicroWorld eScan | Trojan.GenericKD.1620821 | 15.0.0.261 |
| nProtect | Trojan.GenericKD.1620821 | 14.03.28.01 |
| Panda Antivirus | Trj/CI.A | 14.03.28.05 |
| Sophos | Mal/Zbot-QJ | 4.98 |
| Trend Micro House Call | TROJ_GEN.F47V0327 | 7.2.87 |

File size: 166.9 KB (170,856 bytes)

File type: Executable application (Win32 EXE)

Common path: C:\users\{user}\downloads\cute-spring-photo-collection-img001-jpeg.exe

File PE Metadata
Compilation timestamp: 3/12/2014 7:57:58 PM

OS version: 4.0

OS bitness: Win32

Subsystem: Windows GUI

Linker version: 8.0

CTPH (ssdeep): 3072:6gyJ+3JPEmCLfrTBicvg2aeXYdv/upZDp6uyEyhMT9K:T0BLzdiBd3uvVAMTE

Entry address: 0x2CD0

Entry point: 55, 8B, EC, 6A, FF, 68, 70, 47, 40, 00, 68, 56, 2E, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 34, 42, 40, 00, 59, 83, 0D, 30, 62, 40, 00, FF, 83, 0D, 34, 62, 40, 00, FF, FF, 15, 30, 42, 40, 00, 8B, 0D, 24, 62, 40, 00, 89, 08, FF, 15, 2C, 42, 40, 00, 8B, 0D, 20, 62, 40, 00, 89, 08, A1, 28, 42, 40, 00, 8B, 00, A3, 2C, 62, 40, 00, E8, 16, 01, 00, 00, 39, 1D, 40, 60, 40, 00, 75, 0C, E9, 48, 04, 00, 00, FF, 15, 24, 42...

Entropy: 7.5237

Developed / compiled with: Microsoft Visual C++ v6.0

Code size: 12 KB (12,288 bytes)

The file cute-spring-photo-collection-img001-jpeg.exe has been seen being distributed by the following URL.
